Call it a mega-botnet: 20,000 IP addresses and 8.1 million emails -- and that's just in the U.K.
BlackSpider Technologies first discovered the phishing email over the weekend while monitoring email for its security service customers, according to John Fleming, vice president of marketing for BlackSpider. "We see a lot of phishing attacks. But the fact that this was so large and from one source was unique," he says. "Normally, you get them from a number of different sources."
The new exploit follows the pattern of many such attacks, posing as a bank and trying to lure the victim to a link that's purportedly the bank's Website, where he or she would fill out personal information. The subject line of the emails was NatWest or Bank of Scotland, and the messages contain an image that, if clicked, redirects the recipient to a malicious Website that asks for their personal data. If a victim falls for it, the attacker can access the user's bank account.
Fleming says the phish was short-lived and BlackSpider, which was recently acquired by SurfControl plc, hasn't seen any further signs of the exploit. The company trapped the phish for its security customers but couldn't tell how many U.K. users had fallen for it.
Security experts say that despite the botnet's size, in the end, it's same old, same old. "I don't think this particular spam botnet is much different than others that have surfaced in the past," says Sean Kelly, business technology consultant for Consilium1. Kelly says a spam filter goes a long way for these types of exploits, and it'll cost you more in the end if you don't filter spam.
"The cost of not doing it is too great, from the risk of malicious code getting into your network; the risk of DOS to your mail server and other perimeter devices; and sheer wasted time and offensive content issue with employees having to view and manage the spam emails they receive," Kelly says.
Kelly Jackson Higgins, Senior Editor, Dark Reading